﻿using IdentityModel;
using IdentityServer4;
using IdentityServer4.Models;
using IdentityServer4.Test;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;

namespace JXIdentityServer
{
	/// <summary>
	/// 配置IdentityServer中要用到的一些内容
	/// </summary>
	public static class Config
	{
		/// <summary>
		/// 返回受保护的Api集合
		/// </summary>
		/// <returns></returns>
		public static IEnumerable<ApiResource> GetApis()
		{
			return new List<ApiResource>
			{
				new ApiResource("JXWebApi", "常用的WebApi",new List<string>(){ JwtClaimTypes.Id, JwtClaimTypes.Name, JwtClaimTypes.Role})
			};
		}

		/// <summary>
		/// 返回客户的身份资源列表
		/// </summary>
		/// <returns></returns>
		public static IEnumerable<IdentityResource> GetIdentityResources()
		{
			return new List<IdentityResource>
			{
				new IdentityResources.OpenId(),
				new IdentityResources.Profile()
			};
		}

		/// <summary>
		/// 返回哪些应用程序能使用IdentityServer
		/// </summary>
		/// <returns></returns>
		public static IEnumerable<Client> GetClients()
		{
			return new List<Client>
			{
				new Client
				{
                    //API账号、客户端Id
                    ClientId = "JXWebApi",
                    //认证秘钥：SHA 安全散列算法 是一个密码散列函数家族，是FIPS所认证的安全散列算法。能计算出一个数字消息所对应到的，长度固定的字符串（又称消息摘要）的算法。且若输入的消息不同，它们对应到不同字符串的机率很高。
                    ClientSecrets = new [] { new Secret("JXWebApi".Sha256()) },
                    //客户端验证凭证授权类型
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    //定义当秘钥验证通过后允许访问的资源,多个使用逗号隔开,如果要获取refresh_tokens ,必须在scopes中加上OfflineAccess
                    AllowedScopes={ "JXWebApi", IdentityServerConstants.StandardScopes.OfflineAccess},
					AllowOfflineAccess=true
				}
                // OpenID Connect implicit flow client (MVC)
				,new Client
				{
					ClientId = "JXWebMvc",
					ClientSecrets = new [] { new Secret("JXWebMvc".Sha256()) },
					ClientName = "MVC Client",
					AllowedGrantTypes = GrantTypes.Code,
					//指定是否需要同意屏幕（默认为true）
					RequireConsent = false,
					//指定基于授权代码的令牌请求是否需要验证密钥（默认为false）
					RequirePkce = true,
					//登录之后重定向到哪里
					RedirectUris = { "http://localhost:5020/signin-oidc" },
					//退出之后重定向到哪里
					PostLogoutRedirectUris = { "http://localhost:5020/signout-callback-oidc" },
					//FrontChannelLogoutUri = "http://localhost:5020/signout-oidc",
					//AlwaysIncludeUserClaimsInIdToken = true,
					//AllowOfflineAccess = true,
					AllowedScopes = new List<string>
					{
						IdentityServerConstants.StandardScopes.OpenId,
						IdentityServerConstants.StandardScopes.Profile,
						"JXWebApi"
					}
				}
			};
		}

		/// <summary>
		/// 返回哪些测试用户能使用IdentityServer
		/// </summary>
		/// <returns></returns>
		public static IEnumerable<TestUser> GetUsers()
		{
			return new List<TestUser>
			{
				new TestUser
				{
					SubjectId = "1",
					Username = "442106890@qq.com",
					Password = "123456",
					Claims =
					{
						new Claim(JwtClaimTypes.Role, "SuperAdmin"),
						new Claim(JwtClaimTypes.Id, "1"),
						new Claim(JwtClaimTypes.Name, "TestName"),
						new Claim(JwtClaimTypes.GivenName, "TestGivenName"),
						new Claim(JwtClaimTypes.FamilyName, "TestFamilyName"),
						new Claim(JwtClaimTypes.Email, "442106890@qq.com"),
						new Claim(JwtClaimTypes.EmailVerified, "true", ClaimValueTypes.Boolean),
						new Claim(JwtClaimTypes.WebSite, "http://www.baidu.com"),
						new Claim(JwtClaimTypes.Address, @"{ 'street_address': 'One Hacker Way', 'locality': 'Heidelberg', 'postal_code': 69118, 'country': 'Germany' }", IdentityServer4.IdentityServerConstants.ClaimValueTypes.Json)
					}
				}
			};
		}
	}
}
